Avoid SetString() from big.Rat

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Metadata

ID: go-security/avoid-rat-setstring

Language: Go

Severity: Warning

Category: Security

CWE: 109

Description

Do not use the function SetString from big.Rat as it as a potential overflow in some Go versions. Even if your current Go runtime is not vulnerable to this issue, your code may be used by runtime that are. We recommend avoiding the function SetString from the math/big package for this reason.

Learn More

Non-Compliant Code Examples

package main

import (
	"math/big"
	"fmt"
)

func main() {
	var r = big.Rat{}
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}
package main

import (
	"math/big"
	"fmt"
)

func anotherFunction() {
	r = big.Rat{}
	fmt.Println(r)
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}

func anotherFunction2() {
	var r big.Rat
	fmt.Println(r)
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}

func main() {
	var r = big.Rat{}
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}
package main

import (
	"math/big"
	"fmt"
)

func main() {
	r := big.Rat{}
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}

Compliant Code Examples

package main

import (
	"math/big"
	"fmt"
)

func main() {
	r := big.NewRat(10, 3)

	fmt.Println(r)
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: rtrieu/product-analytics-ui-changes